788 matches found
F5 Networks BIG-IP : Advanced WAF and BIG-IP ASM MySQL database vulnerability (K36942191)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.3.1 / 15.1.3 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K36942191 advisory. - On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the...
F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM vulnerability (K41351250)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.6 / 13.1.4 / 14.1.4.1 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K41351250 advisory. - On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM WebSocket vulnerability (K42051445)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.3 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K42051445 advisory. - On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x befo...
Siemens JT2Go ASM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASM...
Siemens JT2Go ASM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASM...
Siemens Solid Edge Heap Buffer Overflow Vulnerability (CNVD-2021-51464)
Siemens Solid Edge is a group of software tools for dealing with various product development processes: 3D design, simulation, manufacturing and design management. A heap buffer overflow vulnerability exists in Siemens Solid Edge where the plmxmlAdapterSE70.dll library in the affected application...
CVE-2021-34327
A vulnerability has been identified in JT2Go All versions V13.2, Solid Edge SE2021 All Versions SE2021MP5, Teamcenter Visualization All versions V13.2. The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could resul...
CVE-2021-34327
The CVE affects Siemens Solid Edge, JT2Go, and Teamcenter Visualization with a heap-based buffer overflow in plmxmlAdapterSE70.dll when parsing ASM files. Root cause: improper validation of user-supplied data leading to an out-of-bounds write and potential code execution in the affected process. ...
Siemens JT2GO Buffer Error Vulnerability
Siemens Solid Edge is a group of software tools for dealing with various product development processes: 3D design, simulation, manufacturing and design management. A heap buffer overflow vulnerability exists in Siemens Solid Edge where the plmxmlAdapterSE70.dll library in the affected application...
Siemens JT2Go < 13.1.0.2 Multiple Vulnerabilities (SSA-695540)
The version of Siemens JT2Go installed on the remote Windows hosts is prior to 13.1.0.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer...
CVE-2021-23010
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...
CVE-2021-23014
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software...
CVE-2021-23010
CVE-2021-23010 affects BIG-IP ASM/Advanced WAF: when processing WebSocket requests with JSON payloads using the default JSON Content Profile, the BIG-IP ASM bd process may produce a core file. Affected versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x b...
Siemens JT2Go < 13.1.0.1 Multiple Vulnerabilities (SSA-663999)
The version of Siemens JT2Go installed on the remote Windows hosts is prior to 13.1.0.1. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability has been identified in JT2Go. Affected applications lack proper validation of user-supplied data when parsing...
F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF WebSocket vulnerability (K18570111)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18570111 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...